Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213579.roa
File:                     AS213579.roa (raw, json)
Hash identifier:          jDNJrbvAxXFuaRg34JJAIz2fZBVeuyfZiElTvBc0I3s=
Subject key identifier:   DC:BB:59:D4:4F:F2:98:1A:03:B7:EA:95:A6:0A:D6:A8:0C:AF:9A:6E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2C3C9C48167D7DE7510F627942A3176DFB677AE7
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213579.roa
Signing time:             Tue 11 Feb 2025 03:43:10 +0000
ROA not before:           Tue 11 Feb 2025 03:38:10 +0000
ROA not after:            Tue 10 Feb 2026 03:43:10 +0000
asID:                     213579
IP address blocks:        2a0f:85c1:b3f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 20:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:3c:9c:48:16:7d:7d:e7:51:0f:62:79:42:a3:17:6d:fb:67:7a:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 11 03:38:10 2025 GMT
            Not After : Feb 10 03:43:10 2026 GMT
        Subject: CN=DCBB59D44FF2981A03B7EA95A60AD6A80CAF9A6E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8c:5b:6b:1f:b6:44:82:ad:89:5b:45:b1:8b:
                    fc:98:41:35:c8:ee:be:73:c7:61:f7:0a:8f:06:73:
                    ed:ce:d9:47:51:fe:9a:fe:04:ca:69:22:3f:7d:67:
                    a3:a4:27:bd:af:45:21:72:e0:ca:bd:b1:57:62:55:
                    99:f7:9f:3d:2d:2b:3e:2d:37:3c:b0:83:2f:b3:41:
                    e8:80:48:95:d9:e1:41:c1:f8:bc:3c:3d:00:0e:2d:
                    c0:a3:57:52:87:2c:59:f8:88:79:25:f9:9f:2f:24:
                    9e:ec:86:77:ac:d2:06:d2:91:a7:f0:39:ff:5c:12:
                    c8:39:c3:41:ec:2a:b4:76:2b:1b:6d:19:b0:d4:d4:
                    67:92:a2:bf:7e:8e:c7:07:2b:7e:5d:17:c7:cf:6d:
                    8e:39:a6:db:7f:e8:bd:42:36:e7:4b:0d:bf:38:53:
                    c1:9a:33:60:7f:b2:26:e1:db:ac:c1:d4:5a:4b:13:
                    a4:11:ff:b4:3f:99:5f:55:a0:f7:d9:08:c2:7d:86:
                    ca:1c:3c:2d:8e:ea:26:5a:48:6b:a2:29:b4:fb:27:
                    92:89:bf:31:f9:5e:0f:60:a3:c8:7c:bf:1e:a6:cd:
                    f7:8d:49:c8:46:01:3e:36:f4:28:01:d6:6a:06:32:
                    a4:22:82:4b:d5:1e:e8:87:27:a6:8a:df:05:84:2c:
                    e1:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BB:59:D4:4F:F2:98:1A:03:B7:EA:95:A6:0A:D6:A8:0C:AF:9A:6E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213579.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b3f::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:e8:e7:e6:6d:c3:ea:b7:20:c6:01:68:5a:fa:89:bd:27:2b:
         ee:0f:5f:6c:31:81:ee:69:b3:37:08:62:f3:ad:d7:a8:0e:73:
         c3:7e:48:26:f4:5c:26:61:05:7b:66:13:13:5f:b7:51:93:7f:
         27:74:c9:0c:72:ce:0f:d6:b0:79:b7:5f:98:9c:84:13:dd:7a:
         78:3c:01:b6:59:70:06:9c:19:a7:54:e7:fa:21:f4:fb:79:c3:
         0e:db:27:d3:c1:2b:ee:56:00:6d:44:a3:77:5e:d9:4c:25:57:
         ae:e0:49:38:da:9f:c4:d3:11:a4:47:e1:cb:64:0f:f3:11:9c:
         60:2c:11:9e:47:29:6a:b4:2c:74:62:08:41:b9:04:ed:fe:ab:
         8f:b3:9d:fe:e0:fb:fc:e2:89:ec:a8:3a:5e:37:83:81:62:a1:
         9f:55:52:55:53:9d:99:7b:4f:74:05:7a:0b:fd:df:fb:ea:82:
         0a:99:d5:8e:b3:95:7a:97:bd:c7:ea:f6:eb:b6:49:64:6b:f6:
         30:be:95:21:65:38:40:6a:1d:48:7e:50:f3:4b:29:b8:ef:73:
         d1:df:19:98:3a:86:5c:9f:cf:26:38:8f:d9:87:c0:66:7d:0e:
         41:5e:06:86:3d:47:9e:d1:30:a4:95:20:08:af:67:6d:9c:d3:
         5c:82:42:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIULDycSBZ9fedRD2J5QqMXbftneucwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAyMTEwMzM4MTBaFw0yNjAyMTAwMzQzMTBaMDMxMTAvBgNV
BAMTKERDQkI1OUQ0NEZGMjk4MUEwM0I3RUE5NUE2MEFENkE4MENBRjlBNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBjFtrH7ZEgq2JW0Wxi/yYQTXI
7r5zx2H3Co8Gc+3O2UdR/pr+BMppIj99Z6OkJ72vRSFy4Mq9sVdiVZn3nz0tKz4t
Nzywgy+zQeiASJXZ4UHB+Lw8PQAOLcCjV1KHLFn4iHkl+Z8vJJ7shnes0gbSkafw
Of9cEsg5w0HsKrR2KxttGbDU1GeSor9+jscHK35dF8fPbY45ptt/6L1CNudLDb84
U8GaM2B/sibh26zB1FpLE6QR/7Q/mV9VoPfZCMJ9hsocPC2O6iZaSGuiKbT7J5KJ
vzH5Xg9go8h8vx6mzfeNSchGAT429CgB1moGMqQigkvVHuiHJ6aK3wWELOG/AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU3LtZ1E/ymBoDt+qVpgrWqAyvmm4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNTc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQs/MA0GCSqGSIb3DQEBCwUAA4IBAQBL6OfmbcPqtyDGAWha+om9JyvuD19sMYHu
abM3CGLzrdeoDnPDfkgm9FwmYQV7ZhMTX7dRk38ndMkMcs4P1rB5t1+YnIQT3Xp4
PAG2WXAGnBmnVOf6IfT7ecMO2yfTwSvuVgBtRKN3XtlMJVeu4Ek42p/E0xGkR+HL
ZA/zEZxgLBGeRylqtCx0YghBuQTt/quPs53+4Pv84onsqDpeN4OBYqGfVVJVU52Z
e090BXoL/d/76oIKmdWOs5V6l73H6vbrtklka/YwvpUhZThAah1IflDzSym473PR
3xmYOoZcn88mOI/Zh8BmfQ5BXgaGPUee0TCklSAIr2dtnNNcgkLN
-----END CERTIFICATE-----